CONTENTS PREFACE ACKNOWLEDGEMENT ACRONYMS INTRODUCTION 1. INTERNAL AUDIT FUNCTION FUNDAMENTALS

Size: px
Start display at page:

Download "CONTENTS PREFACE ACKNOWLEDGEMENT ACRONYMS INTRODUCTION 1. INTERNAL AUDIT FUNCTION FUNDAMENTALS"

Transcription

1 CONTENTS PREFACE ACKNOWLEDGEMENT ACRONYMS INTRODUCTION 1. INTERNAL AUDIT FUNCTION FUNDAMENTALS 1.1. Definition of Internal Audit Internal Audit, Fraud and Corruption Internal Audit and Other Areas of Financial Management and Control 1.2. Requirement for Internal Audit Legal and Regulatory Requirement Legislative and Oversight Bodies Responsibilities and Mandate 1.3. Authority, Organization and Interaction with Others Authority and Rights of Access Authority Rights of Access Organizational Structure Interaction with Others Senior Management Audit Committee Supreme Audit Institution External Audit Audit Authority Central Harmonization Unit Budget Spenders Other Assurance Providers External Experts Law Enforcement Authorities Financial Inspection Services 1

2 1.4. Scope of Services 2. INTERNAL AUDIT POLICIES 2.1. Overview 2.2. Professional Ethics 2.3. Professional Standards 2.4. Professional Responsibilities Independence Objectivity 2.5. Proficiency and Due Professional Care Proficiency Qualification Recruitment Competency Training and Continuing Professional Development Training Continuing Professional Development Objectives Setting and Performance Evaluation Career Planning Co-Sourcing Arrangements Due Professsional Care 3. INTERNAL AUDIT PROCEDURES 3.1. Planning Audit Universe Risk Assessment Methodology Strategic Audit Plan Annual Audit Plan 2

3 Annual Audit Budget Coordination with Other Assurance Providers 3.2. Execution Engagement Planning Staffing the Audit Opening Meeting Tools Preliminary Survery Audit Objectives and Audit Scope Audit Program Audit Field Work Working Papers Executing the Audit Program Audit Approaches Internal Audit Techniques Internal Control Assessment Audit Evidence Supervising the Audit Fact-Finding Sheet Closing Meeting Reporting on Internal Audit Engagement Intermediary Report Draft Report Final Report Reporting to Authorities in Case of Irregularities (Fraud) Follow-up on Audit Report Recommendations Activity Reports Annual Audit Opinion (Statement of Assurance) Record Retention 3

4 4. QUALITY CONTROL 4.1. Quality Program 4.2. Audit Entity Survey 4.3. Ongoing Supervision 4.4. Key Performance Indicators 4.5. Internal Quality Assessments 4.6. External Quality Assessments 5. PROMOTION OF INTERNAL AUDIT AND KNOWLEDGE MANAGEMENT 5.1. Promotion of Internal Audit 5.2. Knowledge Management File Organization Benchmarking Glossary of Terms Public Expenditure Management Peer-Assisted Learning (PEM-PAL) The Institute of Internal Auditors (IIA) Membership APPENDICES Appendix 1 Structure of the Strategic Audit Plan Appendix 2 Structure of the Annual Audit Plan Appendix 3 Structure of the Final Audit Report Other Potential Appendices 4

5 PREFACE This template is the product of a process of exchange of ideas and information among members of the Internal Audit Community of Practice (IA CoP), of the Public Expenditure Management Peer-Assisted Learning (PEM-PAL) network. The PEM-PAL network, launched in 2006 with the help of the World Bank, is a regional body that aims to support reforms in public expenditure and financial management in twenty countries in Central Asia and Central Eastern Europe by promoting capacity building and exchange of information. IA CoP, one of the three Communities of Practice around which the network is organized, has representatives from 21 countries of the Europe and Central Asia region. In its Strategic Plan, IA CoP set out to have members share their internal audit manuals, learn about differences and similarities and develop a good practice internal audit manual template that could be shared among it members. The purpose of this strategic objective was to assist member countries to establish or improve an internal audit function. This template is the end result of an extensive collaborative process, which included participation from member countries, partners and donors organized in the Internal Manual Development Working Group under the IA CoP. It is the hope of the PEM-PAL network and IA CoP that users of this template will find it informative and useful in advancing the reforms of public sector internal audit. 5

6 ACKNOWLEDGEMENTS This template was the combined effort of a number of individuals and groups who shared their time and expertise to make it a reality. Specifically, IA CoP would like to recognize the following key contributors: Ljerka Crnković, Croatia, Acting Chair of the IA CoP and Group Leader on Fundamentals and Quality Control Jean-Pierre Garitte, OECD/SIGMA Albana Gjinopulli, Albania, Acting Vice-President on the Content of the IA CoP and Group Leader on Execution and Tools Jasenka Mičetić, Croatia, Group Leader on Planning and People Tomas Mičetić, fomer Chair IA CoP Cristina Scutelnic, Moldova, Acting Vice-Chair on Operations of the IA CoP and Group Leader on Reporting, Knowledge Management and Interaction with Others Arman Vatyan, World Bank, Lead of IA CoP Joop Vrolijk, OECD/SIGMA 6

7 ACRONYMS CAE CHU EC EU FMC GAIN HR IA CoP IIA INTOSAI IPPF ISSAI IT NAO OECD OLAF PEM-PAL SAI SIGMA Chief Audit Executive Central Harmonization Unit European Commission European Union Financial Management and Control Global Audit Information Network Human Resources Internal Audit Community of Practice Institute of Internal Auditors International Organization of Supreme Audit Institutions International Professional Practices Framework International Standards of Supreme Audit Institutions Information Technology National Audit Office Organisation for Economic Co-Operation and Development European Anti-Fraud Public Expenditure Management Peer Assisted Learning Supreme Audit Institution Support for Improvement in Governance and Management 7

8 INTRODUCTION This Internal Audit Manual template is designed to serve as a reference guide, which can be used to assist internal audit professionals in the public sector to prepare an internal audit manual for their organization. It has a modest aim of providing good practice recommendations on how to approach the important task of producing such a manual, in order to further strengthen internal audit in the public sector and promote good corporate governance and accountability. The template is not meant to be prescriptive, and users should bear in mind that the structure and content of the final manual will be dependent upon the size and complexity of the organization. Most importantly, it is ideal to ensure that the manual is based on internationally recognized and relevant local standards, as well as current best practices. Audit manuals are living documents that must adapt to changes with time. Therefore, the manual should be revised and updated periodically where substantial changes occur in the legal and regulatory framework, professional standards, codes of ethics, and internal audit policies and procedures. While there was no prescribed method of ordering the sections in this template, every effort was made to provide a systematic and logical flow, beginning with the fundamentals of internal auditing, through the internal audit process, and concluding with ideas on sharing and managing knowledge. In each section, every effort was made to ensure that recommendations were based on key principles set forth in the Institute of Internal Auditor s International Professional Practices Framework, and current international best practices. This template should be viewed as a work-in-progress of the Internal Audit Community of Practice (IA CoP), one of three Communities of Practice (CoPs) of the Public Expenditure Management Peer-Assisted Learning (PEM-PAL) network. Therefore, the template will be revised periodically to incorporate new ideas, developments and emerging best practices in the internal auditing community. 8

9 1. INTERNAL AUDIT FUNCTION - FUNDAMENTALS 1.1. Definition of Internal Auditing The definition of internal audit at the beginning of the manual serves as the unifying backbone of the entire document. The definition should clearly establish the aims and parameters, which will guide the policies and procedures that are outlined in the manual. There are multiple sources of definitions of internal audit, including that of the Institute of Internal Auditors (IIA). Whatever definition is chosen must include, at a minimum, a reference to the independent and objective nature of this function, along with the goal of assisting the organization in achieving its objectives as they relate to risk management, control and governance Internal Audit, Fraud and Corruption Given that there is often some confusion regarding internal audit, fraud and corruption, the role of internal audit with regard to fraud and corruption should be explained. Although internal audit s assurance can have a serious impact on the prevention and detection of fraud, internal audit is never responsible for any type of fraud or anti-corruption program (awareness, prevention, detection, investigation). Nevertheless, it can play an important role in any of them in an advisory or consulting capacity as part of fraud awareness exercises, or providing advice in a fraud investigation because of its expertise in the controls area. In an environment in which there is an expectation of internal audit undertaking responsibility in either of these areas, it is good practice to describe in detail the relationship between internal audit (third line of defense) and those with existing responsibilities with regard to fraud and corruption (first or second line of defense) Internal Audit and Other Areas of Financial Management and Control If there are existing ambiguities, or it is expected that ambiguities may arise, between the role of internal audit and other areas of Financial Management and Control, then an explanation of risk and control concepts, including ownership is recommended. Reference can be made to the three-lines-of-defense model, whereby differences can be explained between: the first line of defense (internal control measures and management supervision; the second line of defense 9

10 (supporting functions such as financial inspection, risk management, and quality control); and the third line of defense (internal audit). In addition, a clear definition of inspection and an explanation of its relationship to internal audit should be provided Requirement for Internal Audit The requirement for an organization to have an internal audit function depends on the regulatory or legislative stipulations concerning the entity Legal and Regulatory Requirement The manual must clearly outline the legal and regulatory requirement for internal audits. Legal and regulatory requirements are typically found in various Acts of Parliament, Ministerial Orders, Directives, and Statutory Instruments. Specific reference should be made to the relevant laws and regulations, including European Legislation (if applicable). Subsequent changes to the regulatory framework should be incorporated. All public sector entities (budget spenders) that fall into the scope of internal audit according to the regulatory framework must be included Legislative and Oversight Bodies The manual should clearly state the legislative and oversight bodies to which the internal audit function is subject or to which it has a specific relationship. Due consideration should be given to outlining the relationships with relevant ministries (example Ministry of Finance), the Central Harmonization Unit (CHU), the National Audit Office (NAO) or Supreme Audit Institution (SAI). Further, all public sector entities that fall within the scope of internal audit according to the regulatory framework should be included. The reporting lines of internal audit, both administrative and functional, to senior management, the audit committee (if any), CHU and the parliament should be explained. Reporting lines outside the organization shall also be mentioned (if applicable). In addition, it is recommended that this section include a chart, which summarizes these relationships and lines of reporting in order to provide further clarification. 10

11 Responsibilities and Mandate The mandate for internal audit should be detailed in the Internal Audit Charter, which is a formal and comprehensive document. The responsibilities of the internal audit function should be specifically stated in order to provide a comprehensive rationale for the existence of internal audit separate from that provided by the legal and regulatory framework. Internal audit s role and contribution to the organization should be clearly explained. The manual should describe how internal audit will assist the organization in achieving its goal and reflect senior management s vision for the organization Authority, Organization and Interaction with Others While establishing the authority, organization and interaction with others of the internal audit function is important in and of itself, it also has implications for the independence of the internal audit function Authority and Rights of Access In addition to the authority of the internal audit function established in the audit charter, the manual should further elaborate on this authority, including the rights of access to information, people and assets Authority The position of internal audit within the organization should be stated and the authority of internal audit should be made clear. This should include the authority invested in the Chief Audit Executive (CAE). In addition to positional title, the authority of the CAE is highly influenced by perceived and actual status or influence, as well as access to resources. Therefore, the CAE should have a high enough status to have valuable and effective discussion on audit strategies, plans, results and improvement recommendations with senior management. Likewise, adequate budget and other resources should be available to the CAE to oversee and carry out the annual work program. It may be useful to encapsulate these areas in the manual when outlining the authority of internal audit within the organization. This section shall include the responsibilities of the CAE. They consist of, but are not necessarily limited to, the following duties: Ensure that internal audit adds value to the organization Develop consistent risk-based audit plans 11

12 Obtain approval from senior management and the audit committee on the charter, the budget and the plan Obtain adequate skills and resources for the planned audit engagements Develop adequate detailed audit procedures (in accordance with the internal audit manual) Coordinate with other external and internal assurance providers Periodically report to senior management, the CHU and the audit committee (if applicable) Rights of Access Internal auditors have unlimited access to information, people and assets and where this is clearly stated in the internal audit law or the audit charter it should be referenced. The manual shall clarify the situations in which this right is valid, for example, only in the case of the execution of an audit mission. Internal auditors may use audit software or data extraction tools to access data. The manual should detail how to use these tools to accomplish the specified objectives. It should be stated that access shall not occur on live data but on copies and that auditors shall at all times have read-only access. Internal auditors shall always demonstrate respect for the organization s culture and habits. It should be stated that with regard to unlimited access to information, internal auditors should adhere to the confidentiality principle in the code of ethics. In addition, access does not necessarily mean that internal audit has the right in all situations to download or copy sensitive or classified information as is the case with the military. Specify that, with regard to unlimited access to people, internal auditors have the right to interview employees without formally respecting the hierarchical lines. Outline that, with regard to assets, internal auditors should respect the organization s procedures to access certain assets. For example, in the case of liquid assets (cash), the organization may wish to provide access only if accompanied by another member of staff. The manual must also state the steps to be taken when the auditee is denying the right of access to information, people or assets Organizational Structure This section should clarify the way the internal audit function is organized. 12

13 The various stakeholders of internal audit (senior management, audit committee, budget spenders, operational management, national audit office, audit authority, and parliament) may be defined. Specific attention must be given to the various positions, functions and roles within the internal audit function, but only when they exist and are applicable. Positions to consider including are: Head of Internal Audit, Manager, Senior Auditor, Junior Auditor, and Assistant. Some specific functions are: methodology, quality, and information technology (IT) audit. While an engagement role could be team leader. A job description of each applicable position, function, and role should be included so as to comprehensively document tasks and responsibilities. Specific attention shall be given to situations in which internal audit consists of a small number of people Interaction with others The role of internal audit requires extensive interaction within and outside the organization with multiple groups of individuals and stakeholders. It is prudent to document how such interactions will be managed and conducted Senior Management Internal audit is by tradition a management tool, the eyes and ears of management. The role of internal audit with regard to management should be explained, especially with regard to the independence of internal audit. In addition, the privileged relationship and structured or ad hoc meetings with senior management should be described Audit Committee The interaction with the audit committee is still a fairly new phenomenon in the public sector. Nevertheless, when it has been established, the relationship should be described as well as the audit committee s scope of duties and responsibilities Supreme Audit Institution The Supreme Audit Institution may rely on the work of internal audit. In many instances, it may want to obtain some assurance on the quality and independence of the internal audit function. The relationship or cooperation with the Supreme Audit Institution should be described. 13

14 External Auditors In some cases (for example with regard to state owned companies), internal audit may have to cooperate with external auditors. This relationship and the terms of engagement should be described Audit Authority If a country benefits from European Union (EU) funds, internal audit may also have to cooperate with the National Audit Authority that reports directly to the European Commission. This relationship should be described. Further, if there are any duties related to EU funds, for example in relation to the Audit Authority or European Anti-Fraud Office (OLAF), these should be clearly explained Central Harmonization Unit (CHU) The Central Harmonization Unit (CHU) provides guidance on methodology to the internal audit function and monitors the quality of the internal audit function. The specific relationship between the CHU and the internal audit function must be explained in the internal audit manual, especially with regard to what internal audit may or may not expect from the CHU Budget Spenders Budget spenders are in principle the audit objects or auditees vis-à-vis the internal audit function. There is sometimes an expectation on the part of budget spenders that internal audit is their consultative body. Therefore, the manual should explain the relationship when it is more than an audit object Other Assurance Providers Special relations may be established with other internal assurance providers. Although these other internal assurance providers must also be considered as audit objects, their relationship with internal audit is special because of some coordinated approach to specific risk areas. The manual should detail how the interactions with these providers will be conducted External Experts During an audit, internal audit may need to call upon the expertise of external experts or consultants. The relationship with external experts (if applicable) should be described. 14

15 Law Enforcement Authorities The relationship of internal audit with law enforcement authorities shall be described, with due consideration given to the specific legal framework of the country Financial Inspection Services The relationship between internal audit and the Financial Inspection Services shall be described, taking into consideration the specific legal framework of the country Scope of Services Internal audit generally provide two main services: assurance (audit services) or consulting (advisory) services. The framework for and approach to both types of services are distinct and the internal audit manual must clearly explain and outline this. Audits can be driven by various objectives: Financial Regularity Compliance Operational Value for Money Systems Program Result Performance IT Fraud The differences in objectives and deliverables in each type of audit should be comprehensively described. Further, it should be emphasized that the final responsibility to follow-up on and implement the results of internal audit activities rests with management. Consulting services are based on specific requests, and so the process for consulting services must be explained, especially whether a request for consulting services needs to be formalized or whether it can be requested on an informal basis. It shall be made clear in the manual that the final responsibility for implementing advice made by internal audit is with management. Where consulting services relate to internal control it should be made clear that this remains the responsibility of management. 15

16 2. INTERNAL AUDIT POLICIES 2.1. Overview Internal audit professionals are required to behave to the highest ethical and professional standards in conducting and carrying out their work. The internal audit manual must outline in detail the codes of ethics and professional standards to which internal audit will adhere. With regards to codes of ethics and professional standards, the manual should list the various sources providing guidance, which may include but is not limited to: Civil Service Codes, Staff Rules and Regulations, standards promulgated by the IIA, standards issued by INTOSAI and national standard setting bodies, among others Professional Ethics Internal auditors must operate in conformity with applicable codes of ethics. The Institute of Internal Auditor s (IIA s) Code of Ethics, which form part of the International Professional Practice Framework (IPPF), are mandatory guidance considered essential to the professional practice of internal auditing for all its members. The manual should state whether these will be the code of ethics to be adhered to, and whether they will be supplemented by national professional codes of ethics and the organization s codes of ethics. Detailed incorporation of the relevant codes may not be needed. A complete rendering of the applicable codes of ethics may be included in an attachment, or links provided to the web-sites where they are maintained Professional Standards The audit manual should specifically state the professional standards, which will be abided by in fulfilling the responsibilities of all internal auditors and all internal audit activities. These standards shall include the International Standards for the Professional Practice of Internal Auditing as set forth by the IIA. In addition, the manual should refer to relevant national standards and other applicable standards such as International Standards of Supreme Audit Institutions (ISSAI) issued by INTOSAI. 16

17 It is not necessary to include each standard in the manual and an attachment or link to the relevant website would be sufficient. It may not be advisable to incorporate the detailed international standards in national legislation, as these standards are updated on a regular basis, which would in turn require changes to national legislation Professional responsibilities Independence and objectivity are essential components of effective internal auditing activities. The internal audit charter must establish the organizational independence and authority of internal auditing and reference of this should be made in the manual Independence The manual should outline and explain the functional and administrative reporting lines as well as their related independence issues. Functional relationship includes the scope of internal audit, the approval of annual audit plans and budget. The administrative relationship relates to all employer-employee issues, for example annual leave, and training and travel approval to name a few. This section of the audit manual should describe processes related to actions involving internal auditors. In doing so, the manual should make a distinction between the actions of the CAE and other internal auditors. In addition, it is recommended that the manual cover: appointment of internal auditors; the setting of objectives and performance evaluation of internal auditors; the promotion of internal auditors; the grades of internal auditors; and the removal of internal auditors. While internal auditors do not have operational responsibility and therefore cannot tell others in the organization what to do, they do have moral authority. The manual should explain how this perception could be handled. In principle, internal auditors should be free from any scope limitations. The section of the manual shall specify the process to be followed in any situation whereby a scope limitation is imposed on internal audit Objectivity Objectivity relates to the mental attitude with which the internal auditor approaches the engagement, and the manual should stress the need for an impartial and un-biased attitude at all times. In addition, the manual must outline the critical requirement to avoid conflict of interest situations that would prejudice internal auditors ability to perform their duties objectively. 17

18 2.5. Proficiency and Due Professional Care The quality, effectiveness and efficiency with which the internal audit is conducted are directly dependent on the skills, knowledge and competency of internal auditors and their exercise of due professional care Proficiency The manual should emphasize that internal auditors must have the knowledge, skills and other competencies to perform their duties. As such, the manual may provide descriptions of the relevant qualifications, recruitment policies, competency framework, training and certification, continuing professional development, objectives setting and performance evaluation, career planning and co-sourcing arrangements that would enhance the proficiency of internal auditors Qualifications It is important to pay attention to the required qualifications for internal auditors. These qualifications may be linked to the various levels within the internal audit function. In the public sector, required qualifications are generally supported by legislative acts. The ability to communicate clearly and effectively is very important to internal auditors. Therefore, soft skills, which relate to communication (interviewing, presentation and reporting techniques) and an analytical way of thinking should be emphasized Recruitment Many recruitment models can be used and internal audit functions may recruit talents: Directly from university (young graduates), From the private sector, with some years of experience, From operational departments within the organization to acquire certain technical skills, From other public sector organizations. Recruitment in the public sector varies by country and may be subject to legislation or regulation. Where this is the case, the manual should make mention of the relevant legislation/regulation or provide a link to the web-site Competency Depending on the size of the internal audit function, it may be recommended to have a small and pragmatic competency framework included in the internal 18

19 audit manual. In the case of small internal audit units, a practical approach should be elaborated in the manual Training and Continuing Professional Development Initial proficiency in applying internal auditing standards, procedures and techniques need to be continuously developed and improved. The manual should describe the arrangements to be put in place for training and continuing professional development of internal auditors in order to enhance their knowledge, skills and other competencies Training The manual should outline how staff training will be organized, for example: Whether according to a well-developed and balanced internal audit curriculum, Whether training courses will be organized internally and/or externally, or Whether courses are mandatory for internal auditors. Global or national certifications may be required by law or by an individual organization. The following global certifications should be recognized: Certified Internal Auditor (link to the certifying body should be provided), Certification in Control Self-Assessment (link to the certifying body should be provided), Certified Information Systems Auditor (link to the certifying body should be provided), Certified Financial Services Auditor (link to the certifying body should be provided), Certified Government Audit Professional (link to the certifying body should be provided) Continuing Professional Development Once auditors are trained, the organization should take care of the continuing professional development of its internal auditors. The head of the organization has to provide support for the continuing development of internal auditors. 19

20 The Head of internal audit unit should ensure that there are opportunities for training in a systematic manner and should develop an annual training plan that is based on the individual needs of each auditor. Training should include access to audit topics as well as areas covering new processes, systems and products within the organization. The minimum annual training hours per auditor may be indicated in the audit manual Objectives Setting and Performance evaluation The internal audit function shall develop its long-term and short-term (annual) objectives in agreement with senior management and the audit committee. Objectives shall also be set for every single internal auditor, and their individual performance shall be measured against these objectives Career Planning Some internal auditors make their career inside internal audit and remain there for a long period, while others use internal audit as a stepping stone in their career. In both cases it is essential to develop a proper career plan for all internal auditors. Where internal audit is being used as a training ground for young talents and future managers, a proper agreement needs to be reached with senior management and human resources. This section is optional and depends on the Human Resources (HR) policies of the organization Co-Sourcing Arrangements Due to issues of effectiveness, efficiency and economical reasons, the organization may decide to co-source the internal audit function, whereby specialists will be hired to perform part of the (technical) engagement together with the internal audit staff. For all co-sourced internal audit functions an agreement should be drafted. The internal audit function may also call upon guest auditors to temporarily join their team on a specific engagement. Guest auditors should always be independent of the process under audit. It may also be envisaged to set up certain specialized functions (such as IT audit) that may serve more than one organization. 20

21 Due Professional Care Due professional care refers to the degree of care and skill that an internal auditor should apply in conducting internal audit activities, and is a sensitive standard to comply with. It relates to proper diligence and is challenging to describe fully. A lack of professional care may be considered equal to gross negligence and could lead to the dismal of the CAE (or a subordinate), and in some situations could result in penalties or imprisonment. Reasonable care does not mean infallibility, though this is often the perception when fraud occurs. The manual should describe a few items that deserve special attention from the internal auditor. Internal auditors should consider: What can go wrong in a specific process? How could a person commit fraud? What are the key controls and how could they be bypassed? The manual may provide examples of situations that demonstrate lack of due professional care. 21

22 3. INTERNAL AUDIT PROCEDURES 3.1. Planning Planning provides a systematic approach to the internal audit work and requires knowledge and competency in a broad number of areas such as risk and internal control Audit Universe The audit universe is the starting point for the internal audit plan and includes all things auditable. It is the overall scope of the internal audit function and is the totality of auditable processes, functions and locations. The manual should include a broad clarification of how to approach the audit universe. Approaches may be horizontal (following the flow of a process or transaction, example, the procurement cycle), vertical (following a department s activities or focusing on a remote location, example, all activities within the procurement department only), or a combination of both (a thematic approach in all locations and departments, example, the approval of annual leave). The manual should describe the process of defining the audit universe, bearing in mind that the detailed audit universe is dynamic, and constantly impacted by new processes, units, projects and risks. Therefore, it is recommended that the detailed universe be included as an annex to the manual. Components to consider in the process of defining the audit universe may include: Key Processes - are critical in supporting the organization s objectives. For example, the process of collecting taxes within the Ministry of Finance. Critical Control Areas - for example, in the purchasing cycle, a critical control area is the three-way match between purchase order, receiving document and invoice. Material Value how this principle is being applied for the selection of components in the audit universe must be explained when it is used as a criterion. It is important to keep various components of the audit universe manageable from an audit perspective. Components that are too large may blur the focus on top risks, while components that are too small may not lead to significant conclusions. 22

23 Risk Assessment Methodology The purpose of risk assessment is for internal audit to give priority to higher risks for the organization. Therefore, the risk assessment methodology is one of the cornerstones of internal audit activities. It is mandatory to reflect on and to describe the risk assessment process in detail in the manual. In this section of the manual, note that the methodology should cover: Identification and definition of appropriate risk categories Identification and definition of risk criteria for impact and probability, which needs to be done ahead of the risk assessment exercise. Consider that probability may be replaced by vulnerability, which might be easier to understand and rate. Definition of risk scoring content and an explanation of the rationale for assigning a score of high, medium or low to a particular risk. When a scoring system is used, middle scores should be avoided, despite the tendency to go for middle scores in attempt to avoid personal risk and difficult discussions. The manual should highlight that the results of risk assessments done by other parties within the organization (for example risk management) should be considered by internal audit. In addition, internal audit should solicit input from senior management when making its risk assessment. This input may be obtained via interviews or through participation in a workshop. The manual should specify that all risks must be prioritized based on the results of the risk assessment, and this prioritized list of risks must form the basis to develop the annual internal audit plan Strategic Audit Plan The CAE is required to develop the long-term strategic plan for the internal audit function. Long-term may represent a period of 3 to 5 years. Long-term strategic objectives of the internal audit function should be fully described in the manual. These internal audit objectives should be clearly linked to the organization s goals and must be updated annually. It is good practice that the achievement, partial or full, of these objectives should be measurable. It is imperative to obtain senior management s buy-in, and senior management and the audit committee (if applicable) are responsible for approving the plan. Given the comprehensive nature of the strategic audit plan, a sample structure of the plan may be added in the annexes to the manual. 23

24 Annual Audit Plan The CAE is responsible for developing a risk-based annual audit plan. This annual audit plan should be based on the strategic audit plan, which was driven by the results of the risk assessment. The required number of man days must be estimated for all audit objects, and based on the available resources, internal audit should draw a line on that prioritized list to determine what should be audited in the upcoming and year. Include a provision for a realistic number of man-days for ad hoc (unplanned) audits, which may be based on the experience gained from the previous years. Estimate additional costs (for example, travel costs or hiring external resources) in order to prepare the audit budget for the upcoming year. The manual should emphasize that the proposed audit plan is to be submitted to senior management and the audit committee (if applicable) for approval and/or ratification. The annual plan should be revised during the year if circumstances justify, in order to reflect changed priorities, whether due to changed risk factors or urgent requests from senior management (or audit committee if applicable). A sample structure of the annual internal audit plan may be added in the annexes to the manual Annual Audit Budget The manual should make clear that it is mandatory to establish an annual budget. The budget should include: staff headcount (including temporary and outsourced resources), audit mission related travel costs, training costs and IT costs, to name a few. The proposed budget should be submitted to senior management and the audit committee (if applicable) for approval and/or ratification Coordination with Other Assurance Providers In preparing its annual audit plan, internal audit should pursue coordination with other internal and external assurance providers. The objective of this coordination is to create synergy, while avoiding duplication and uncovered critical gaps. External assurance providers include external auditors, the NAO, and the Audit Authority. Internal assurance providers include units responsible for the second line of defense that is, financial inspection, quality, and risk management. 24

25 3.2. Execution The manual should include a flowchart of the execution process. Further, the manual should emphasize the importance of proposing a strict schedule for the various key components of the audit process such as planning, fieldwork and reporting. The final report should be issued soon after the end of the fieldwork, and the timeframe in which this should be done must be specified in the manual Audit Engagement Planning Engagement planning involves gaining an understanding of the objectives, processes, risks and controls of the audited entity and the activities to be audited Staffing the audit One of the first items to plan is the composition of the audit team, based on required skills and experience. The responsibility for the selection of the team should be described. A grid with selection criteria for team members may be included in the manual. Prior to the start of the audit, a service order (letter of appointment) must be issued to internal auditors appointing them to the audit, and notification sent to the entity where the audit will take place. An example of a notification form may be included in the manual Opening Meeting At the start of the audit a kick-off (opening) meeting must be organized with the entity of the auditee. At a minimum, the meeting will cover the objectives of the audit, the timing of the audit and the information that will be requested from the auditee. A standardized presentation may be used for this purpose. In this meeting, areas of concern should be solicited from the auditee. Internal auditors should make notes on the issues discussed and these notes will become part of the audit file Tools There are a variety of tools that the internal auditor will use throughout the audit assignment and the manual should describe and explain the more common ones. Consideration should be given to: Flow Charting - internal auditors may use flowcharts to obtain a better understanding of the flow of a transaction through a process. A simple 25

26 system, procedure or process can be illustrated with a flowchart and eventually added in the annex. The manual should explain the proper symbols to use and how to use the flowcharting software. Risk Assessment Tool - whether the internal audit function is utilizing a more sophisticated risk assessment software tool or a simplified Excel sheet, the internal manual should describe and explain how they are used. Data Query Tools - data query or data mining tools have become a normal part of the auditor s toolkit. The manual should explain how to use them. Audit Sampling - though sampling has been substantially automated over the years, it is essential for auditors to know when to use which sampling techniques. Sampling techniques should be explained in the manual. Audit File Administration - audit file administration must be in line with national regulations and rules on documentation. Audit software tools can help the internal audit function to manage its file administration, from the planning phase through execution of the fieldwork to the final audit report, and a follow-up phase may be integrated. The manual should clearly outline processes and procedures for audit file administration, that is, hard copy file administration and IT audit file administration Preliminary Survey Every audit engagement must be preceded by a preliminary survey and the ultimate objective of this survey is to obtain a good understanding of the audited entity and its operations. The purpose of the preliminary survey is to obtain more detailed information about the process (or parts of the process) that will be audited, and more specifically about the risks inherent to the process and about key controls. The manual should provide a list of common information that needs to be gathered during the preliminary survey. Specific information will depend on the audit objectives. During the preliminary survey internal auditors are expected to acquire a full understanding of the criteria (or standards) used by the auditee to measure the performance of the process under audit. If the internal auditors cannot find evidence of adequate measurement criteria, the manual shall describe the procedures to establish criteria (based on good practices or the auditors experience) and seek agreement with the auditee on these criteria. At the end of the preliminary survey, the audit team should be able review the original risk assessment made when preparing the annual audit plan. If the 26

27 results are substantially different, the internal auditors must revise their original assessment so as to develop clear and focused audit objectives Audit Objectives and Audit Scope The audit objectives and audit scopes are crucial components of the audit plan and care must be taken when establishing them. In developing the audit scope, internal auditors should make every effort to set up clear and achievable objectives. These should be based on the results of the preliminary survey as well as the objectives established in the annual audit plan. The manual should state that audit objectives should be directly linked to the risk that triggered the audit s inclusion in the annual audit plan. For example, if the risk was related to the effectiveness of a certain process, the audit objectives should not focus on compliance issues. In addition, the manual should provide a few examples on how to develop good audit objectives. It is essential to link the audit objectives to (generally accepted) organization or department control objectives, so that senior management can acknowledge the risks they have identified as important to them. Once the audit objectives have been clearly defined, internal auditors must focus on the scope of the audit, that is, what areas will be reviewed in the audit. The scope may relate to time period, branches, or IT process to name a few. It is the responsibility of internal audit to decide on a scope limitation, although the auditee may suggest that the auditors not review a particular area, for example an IT system that will be replaced in a few months. The manual should emphasize that, in all cases, the scope should be sufficient enough to achieve the audit objectives Audit Program Once the audit objectives and scope have been defined, internal audit are required to develop an audit program. The audit program is unique for a specific audit engagement, therefore a standardized template or program should not be used, except in the case of recurring audits (for example, regional or branch audits). The manual should indicate the various steps to be undertaken to match the respective audit objectives (for example used methodologies and techniques, time schedule, segregation of duties, audited period and type of audit). 27

28 Audit Field Work The detailed procedures for collecting, analyzing, interpreting, and documenting information to achieve the audit objectives take place during audit fieldwork Working Papers Internal auditors need to document audit work to support their conclusions, and to facilitate management review and supervision. Also, documentation facilitates quality assurance, peer reviews, and may provide useful input to other audit missions in the same area. The manual should specify the content of the working papers, labels and cross references, as well as the process of supervisory approval. Audit documents are to be kept in files, which are to be organized in a standard manner to facilitate their use by managers when reviewing audit working papers, and any other authorized person requiring access to them. The indexing of the documents should be specified in the audit manual. Two sets of files should be maintained - the permanent file and the current file. Permanent file should contain all information that is relevant to generally understand the unit (function) and does not change from year to year. Current file should contain only the information required to document the findings and to support the conclusions of a specific audit engagement Executing the Audit Program In conducting the fieldwork, internal auditors carry out the steps that have been agreed to and approved in the audit program Audit Approaches The approach to system based audits should be described Internal Audit Techniques The manual should include a description of the various internal audit techniques, including their strengths and weaknesses. These techniques may include, but are not limited to: Verification 28

29 Recalculation Observation Interview Questionnaires Checklists Sampling Testing of controls Substantial testing Analytical procedures Walk-through testing A more detailed description and approach should be given in annexes Internal Control Assessment The manual may contain guidance on how to assess the adequacy and effectiveness of controls. This should include manual controls, general IT controls, and specific application controls. Detailed guidance on how to achieve this goal may be described in the annexes Audit Evidence The manual may contain guidance on how to obtain the best available audit evidence. The various kinds of evidence may be explained. All collected audit evidence must be part of the audit file Supervising the Audit Supervision applies to internal audit engagements and various administrative and training aspects. The CAE must determine by whom and at what level the supervision of the audit engagement should be performed and this should be specified in the manual. The most experienced internal auditor of the team (organization) is usually responsible for supervision activities. Supervision related to audit engagements must be traced in the audit working papers. Special guidance must be given on how to deal with supervision in small or single person internal audit activities. 29

QUAๆASSURANCE IN FINANCIAL AUDITING

QUAๆASSURANCE IN FINANCIAL AUDITING Table of contents Subject Page no. A: CHAPTERS Foreword 5 Section 1: Overview of the Handbook 6 Section 2: Quality Control and Quality Assurance 8 2. Quality, quality control and quality assurance 9 2.1

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

Establishing a Quality Assurance and Improvement Program

Establishing a Quality Assurance and Improvement Program Chapter 2 Establishing a Quality Assurance and Improvement Program O v e rv i e w IIA Practice Guide, Quality Assurance and Improvement Program, states that Quality should be built in to, and not on to,

More information

Internal Audit Manual

Internal Audit Manual Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors

More information

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL BOARD OF EDUCATION OF BALTIMORE COUNTY INTERNAL AUDIT OPERATIONS MANUAL BACKGROUND The Office of Internal Audit Operations Manual was developed to be used as a guide and resource for the Office of Internal

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

Internal Audit Standards

Internal Audit Standards Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing

More information

Internal Audit Quality Assessment Framework

Internal Audit Quality Assessment Framework Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format

More information

Internal Auditing Guidelines

Internal Auditing Guidelines Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

INTERNAL AUDIT MANUAL

INTERNAL AUDIT MANUAL དང ལ ར ས ལ ན ཁག Internal Audit Manual INTERNAL AUDIT MANUAL Royal Government of Bhutan 2014 i i ii ii Internal Audit Manual དང ལ ར ས ལ ན ཁག ROYAL GOVERNMNET OF BHUTAN MINISTRY OF FINANCE TASHICHHO DZONG

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Internal Audit. Audit of HRIS: A Human Resources Management Enabler Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4

More information

PRACTICE ADVISORIES FOR INTERNAL AUDIT

PRACTICE ADVISORIES FOR INTERNAL AUDIT Société Française de Réalisation, d'etudes et de Conseil Economics and Public Management Department PRACTICE ADVISORIES FOR INTERNAL AUDIT Tehnical Assistance to the Ministry of Finance for Development

More information

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed

More information

Office of the Director of Audit. Harmonized Audit Manual

Office of the Director of Audit. Harmonized Audit Manual Office of the Director of Audit Harmonized Audit Manual December 2009 Printed in December 2009 First Edition, December 2009 Offices of the Directors of Audit OECS Countries Harmonized Audit Manual Page

More information

Department of Audit and Compliance. Quality Self-Assessment

Department of Audit and Compliance. Quality Self-Assessment Department of Audit and Compliance Quality Self-Assessment November 2014 CONTENTS EXECUTIVE SUMMARY... 2 PURPOSE OF SELF-ASSESSMENT... 4 SELF-ASSESSMENT SCOPE OF WORK... 4 RESULTS OF SELF-ASSESSMENT WORK...

More information

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER

More information

Internal Oversight Division Internal Audit Manual

Internal Oversight Division Internal Audit Manual Internal Oversight Division Internal Audit Manual Updated Version November 2014 March 2015 1 1. PURPOSE... 2 2. INTERNAL AUDIT FUNCTION... 3 3. ORGANIZATIONAL STRUCTURE AND RESPONSIBILITIES... 4 3.1 THE

More information

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

More information

1.1 Terms of Reference Y P N Comments/Areas for Improvement

1.1 Terms of Reference Y P N Comments/Areas for Improvement 1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL

INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL INTERNAL AUDITING POLICIES AND PROCEDURES MANUAL 2 TABLE OF CONTENTS Contents A. INTERNAL AUDIT OVERVIEW... 5 A.1 RATIONALE... 5 A-2 CHARTER... 5 A-3 MISSION STATEMENT, OBJECTIVES AND VALUES... 9 A-3.1

More information

Periodic risk assessment by internal audit

Periodic risk assessment by internal audit Periodic risk assessment by internal audit I Introduction The Good Practice Internal Audit Manual Template, developed by the Internal Audit CoP of Pempal, defines the importance and the impact that an

More information

RISK ASSESSMENT IN AUDIT PLANNING. A guide for auditors on how best to assess risks when planning audit work

RISK ASSESSMENT IN AUDIT PLANNING. A guide for auditors on how best to assess risks when planning audit work RISK ASSESSMENT IN AUDIT PLANNING A guide for auditors on how best to assess risks when planning audit work RISK ASSESSMENT IN AUDIT PLANNING A guide for auditors on how best to assess risks when planning

More information

Positioning the internal audit function within the Solvency II framework Key challenges. Ludovic Bardon Senior Manager Audit Deloitte Luxembourg

Positioning the internal audit function within the Solvency II framework Key challenges. Ludovic Bardon Senior Manager Audit Deloitte Luxembourg Positioning the internal audit function within the Solvency II framework Key challenges Jérôme Sosnowski Director Governance, Risk & Compliance Deloitte Luxembourg Ludovic Bardon Senior Manager Audit Deloitte

More information

EXTERNAL AUDIT AND RELATION BETWEEN INTERNAL AUDITORS, SUPERVISORY BODY AND EXTERNAL AUDITORS OF THE BANKING SECTOR IN THE REPUBLIC OF MACEDONIA

EXTERNAL AUDIT AND RELATION BETWEEN INTERNAL AUDITORS, SUPERVISORY BODY AND EXTERNAL AUDITORS OF THE BANKING SECTOR IN THE REPUBLIC OF MACEDONIA EXTERNAL AUDIT AND RELATION BETWEEN INTERNAL AUDITORS, SUPERVISORY BODY AND EXTERNAL AUDITORS OF THE BANKING SECTOR IN THE REPUBLIC OF MACEDONIA Blagica Jovanova (blagica.jovanova@ugd.edu.mk), Dushko Josheski

More information

PRINCIPLES AND GOOD PRACTICES

PRINCIPLES AND GOOD PRACTICES ISSAI 21 The International Standards of Supreme Audit Institutions, ISSAI, are issued by the International Organization of Supreme Audit Institutions, INTOSAI. For more information visit www.issai.org

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Audit Manual PART TWO SYSTEM BASED AUDIT

Audit Manual PART TWO SYSTEM BASED AUDIT Audit Manual PART TWO SYSTEM BASED AUDIT Table of content 1. Introduction...3 2. Systems based audit...4 2.1. Preparing for & planning the audit assignment...5 2.2. Ascertaining and recording the system...7

More information

Quality Assurance Checklist

Quality Assurance Checklist Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

MARKET CONDUCT ASSESSMENT REPORT

MARKET CONDUCT ASSESSMENT REPORT MARKET CONDUCT ASSESSMENT REPORT PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) PART 2 RATE VERIFICATION PROCESS Phase 1 (2012) Financial Services Commission of Ontario (FSCO) Market Regulation Branch

More information

Internal Audit Manual

Internal Audit Manual COMPTROLLER OF ACCOUNTS Ministry of Finance Government of the Republic of Trinidad Tobago Internal Audit Manual Prepared by the Financial Management Branch, Treasury Division, Ministry of Finance TABLE

More information

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6

More information

Internal Audit Charter. Version 1 (7 November 2013)

Internal Audit Charter. Version 1 (7 November 2013) Version 1 (7 November 2013) CONTENTS Details Page EXECUTIVE SUMMARY... 2 1. BACKGROUND... 3 10. PSIAS REQUIREMENTS... 3 12. DEFINITION OF THE CHIEF AUDIT EXECUTIVE (CAE)... 4 14. DEFINITION OF THE BOARD...

More information

Fit and Proper Assessment Best Practice

Fit and Proper Assessment Best Practice Fit and Proper Assessment Best Practice Final Report EMERGING MARKETS COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS DECEMBER 2009 CONTENTS Chapter Page 1 Introduction 3 1.1 Objectives

More information

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN RESOURCING THE INTERNAL AUDIT ACTIVITY Revised: Page 1 of 5 Introduction When considering the resourcing of the internal audit activity a question that

More information

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes

More information

Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm)

Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm) Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm) a. Background: 1. The GoB in accordance with its Public Financial Management (PFM) Strategy & Vision and Medium

More information

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW) EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW) Phil Tarling PRESIDENT Carolyn Dittmeier VICE PRESIDENT Head Office: c/o IIA Belgium Koningstraat 109-111, bus 5 - B-1000 Brussels (Belgium)

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field

More information

Guide on Developing a HRM Plan

Guide on Developing a HRM Plan Guide on Developing a HRM Plan Civil Service Branch June 1996 Table of Contents Introduction What is a HRM Plan? Critical Success Factors for Developing the HRM Plan A Shift in Mindset The HRM Plan in

More information

GAO. Government Auditing Standards: Implementation Tool

GAO. Government Auditing Standards: Implementation Tool United States Government Accountability Office GAO By the Comptroller General of the United States December 2007 Government Auditing Standards: Implementation Tool Professional Requirements Tool for Use

More information

CAMBRIDGE CITY COUNCIL

CAMBRIDGE CITY COUNCIL Agenda Item CAMBRIDGE CITY COUNCIL REPORT OF: Director of Business Transformation TO: Civic Affairs Committee 25 June 2014 WARDS: All INTERNAL AUDIT: REVIEW OF EFFECTIVENESS 2013 / 2014 1 INTRODUCTION

More information

FINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements

FINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements GHTF/SG4/N28R4:2008 FINAL DOCUMENT Title: Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Authoring Group: GHTF Study Group 4 Endorsed by: The Global Harmonization

More information

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS RISK FACTORS Report by the Chairman of the Board of Directors on corporate governance, risk management and internal controls Property damage and operating loss insurance Property damage/operating loss

More information

Financial Management Framework >> Overview Diagram

Financial Management Framework >> Overview Diagram June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document

More information

AD 13/15 CONF-RS 2/15 1

AD 13/15 CONF-RS 2/15 1 CONFERENCE ON ACCESSION TO THE EUROPEAN UNION SERBIA Brussels, 3 December 2015 (OR. en ) AD 13 / 15 CONF - RS 2 ACCESSION DOCUMENT Subject: EUROPEAN UNION COMMON POSITION Chapter 32: Financial control

More information

Guideline on good pharmacovigilance practices (GVP)

Guideline on good pharmacovigilance practices (GVP) 1 2 20 February 2012 EMA/541760/2011 3 4 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration

More information

Coordination and Cooperation between SAIs and Internal Auditors in the Public Sector

Coordination and Cooperation between SAIs and Internal Auditors in the Public Sector INTOSAI GOV 9150 The International Standards of Supreme Audit Institutions, ISSAIs, are issued by the International Organization of Supreme Audit Institutions, INTOSAI. For more information visit www.issai.org

More information

Audit of UNESCO s Recruitment Process for International Staff

Audit of UNESCO s Recruitment Process for International Staff Internal Oversight Service Audit Section IOS/AUD/2015/07 Original: English Audit of UNESCO s Recruitment Process for International Staff September 2015 Auditors: Tuyet-Mai Grabiel Dawn Clemitson EXECUTIVE

More information

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector Public Sector Internal Audit Standards Applying the IIA International Standards to the UK Public Sector Issued by the Relevant Internal Audit Standard Setters: In collaboration with: Public Sector Internal

More information

1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of

1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of UNIDO/DGB/(M).92/Rev.3 28 January 2015 Distribution: All staff members at headquarters, established offices and permanent missions 1. This bulletin, which contains the Charter of the Office of Internal

More information

EXECUTIVE SUMMARY...5

EXECUTIVE SUMMARY...5 Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS...6 1. INTRODUCTION...9 1.1 BACKGROUND...9 1.2 OBJECTIVES...9

More information

Internal Audit Charters

Internal Audit Charters Internal Audit Charters Part of a series of notes to help Centers review their own internal management processes from the point of view of managing risks and promoting good governance and value for money,

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports GAO United States Government Accountability Office Report to the Committee on Armed Services, U.S. Senate December 2011 DEFENSE CONTRACT AUDITS Actions Needed to Improve DCAA's Access to and Use of Defense

More information

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Internal Audit Unrestricted Trust Companies 1. Statement of Objectives 1.1. To provide specific guidance on Internal Audit Functions as called for in section 3.6 of the Statement

More information

Internal Controls and Financial Accountability for Not-for-Profit Boards NEW YORK STATE OFFICE. of the ATTORNEY GENERAL.

Internal Controls and Financial Accountability for Not-for-Profit Boards NEW YORK STATE OFFICE. of the ATTORNEY GENERAL. Internal Controls and Financial Accountability for Not-for-Profit Boards NEW YORK STATE OFFICE of the ATTORNEY GENERAL Charities Bureau 120 Broadway New York, NY 10271 (212) 416-8400 www.charitiesnys.com

More information

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives

More information

Implementing the International Standards for Supreme Audit Institutions (ISSAIs): Strategic considerations

Implementing the International Standards for Supreme Audit Institutions (ISSAIs): Strategic considerations Implementing the International Standards for Supreme Audit Institutions (ISSAIs): Strategic considerations This guide has been written by members of the Capacity Building Subcommittee 1 chaired by the

More information

NORTH ATLANTIC TREATY ORGANIZATION STRATEGIC PLAN

NORTH ATLANTIC TREATY ORGANIZATION STRATEGIC PLAN NORTH ATLANTIC TREATY ORGANIZATION STRATEGIC PLAN 27 March 2015 INTERNATIONAL BOARD OF AUDITORS FOR NATO (IBAN) STRATEGIC PLAN 2015-2019 1 TABLE OF CONTENTS Page No. 1. IBAN AT A GLANCE 3 2. OVERVIEW 3

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5. Table of Contents Introduction 1 IT Audit Roles and Responsibilities 2 Board of Directors and Senior Management 2 Audit Management 4 Internal IT Audit Staff 5 Operating Management 5 External Auditors 5

More information

Governance, Risk and Compliance Charter

Governance, Risk and Compliance Charter Governance, Risk and Compliance Charter Charter Owner Director GRC Charter Approver Board of Management Effective date November 15 th, 2013 Date of issue Version Name Title 15 Nov 2013 1.0 Fokko Kool Group

More information

Code of Audit Practice

Code of Audit Practice Code of Audit Practice APRIL 2015 Code of Audit Practice Published pursuant to Schedule 6 Para 2 of the Local Audit and Accountability This document is available on our website at: www.nao.org.uk/ consultation-code-audit-practice

More information

HRM. Human Resource Management Rapid Assessment Tool. A Guide for Strengthening HRM Systems. for Health Organizations. 3rd edition

HRM. Human Resource Management Rapid Assessment Tool. A Guide for Strengthening HRM Systems. for Health Organizations. 3rd edition HRM Human Resource Management Rapid Assessment Tool for Health Organizations A Guide for Strengthening HRM Systems 3rd edition . Human Resource Management Rapid Assessment Tool Copyright 2005, renewed

More information

Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector

Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector Compliance Review Report Internal Audit and Risk Management Policy for the New South Wales Public Sector Background The Treasury issued TPP 09-05 Internal Audit and Risk Management Policy for the New South

More information

Public Sector Internal Audit Standards

Public Sector Internal Audit Standards Public Sector Internal Audit Standards Table of Contents Section 1 Introduction 3 Section 2 Applicability 6 Section 3 Definition of Internal Auditing 8 Section 4 Code of Ethics 9 Section 5 Standards 12

More information

Revised Scheme of Service. for Accountants

Revised Scheme of Service. for Accountants REPUBLIC OF KENYA Revised Scheme of Service for Accountants April, 2009 ISSUED BY THE PERMANENT SECRETARY, MINISTRY OF STATE FOR PUBLIC SERVICE OFFICE OF THE PRIME MINISTER NAIROBI 2 3 REVISED SCHEME OF

More information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report Data Analysis: The Cornerstone of Effective Internal Auditing A CaseWare Analytics Research Report Contents Why Data Analysis Step 1: Foundation - Fix Any Cracks First Step 2: Risk - Where to Look Step

More information

PUBLIC SERVICE COMMISSION AUDIT REPORTS 2012

PUBLIC SERVICE COMMISSION AUDIT REPORTS 2012 PUBLIC SERVICE COMMISSION AUDIT REPORTS 2012 All of the audit work in this publication was conducted in accordance with the legislative mandate and audit policies of the Public Service Commission of Canada.

More information

CALL FOR PROPOSALS FOR INSTITUTIONAL CAPACITY DEVELOPMENT 1. BACKGROUND Organizational Context: The National Federal Parliament (NFP) was inaugurated in August 2012, with the selection (by traditional

More information

EA IAF/ILAC Guidance. on the Application of ISO/IEC 17020:1998

EA IAF/ILAC Guidance. on the Application of ISO/IEC 17020:1998 Publication Reference EA IAF/ILAC-A4: 2004 EA IAF/ILAC Guidance on the Application of ISO/IEC 17020:1998 PURPOSE This guidance document is for ISO/IEC 17020: General Criteria for the operation of various

More information

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector Public Sector Internal Audit Standards Applying the IIA International Standards to the UK Public Sector Issued by the Relevant Internal Audit Standard Setters: In collaboration with: Public Sector Internal

More information

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

OECD GUIDELINES FOR PENSION FUND GOVERNANCE

OECD GUIDELINES FOR PENSION FUND GOVERNANCE OECD GUIDELINES FOR PENSION FUND GOVERNANCE These Guidelines were approved by the Working Party on Private Pensions on 5 June 2009. OECD GUIDELINES FOR PENSION FUND GOVERNANCE 1 I. GOVERNANCE STRUCTURE

More information

The Framework for Quality Assurance

The Framework for Quality Assurance Chapter 1 The Framework for Quality Assurance O v e rv i e w One of internal audit s major assets is its credibility with stakeholders. To provide credible assistance and constructive challenge to management,

More information

Internal Audit Division

Internal Audit Division Internal Audit Division at the Financial Conduct Authority Information Pack April 2013 Contents of Information Pack A. Introduction B. Internal Audit Terms of Reference C. Organisation D. Skills and Competencies

More information

EUR-ACE. Framework Standards for the Accreditation of Engineering Programmes. Foreword... 2. 1. Programme Outcomes for Accreditation...

EUR-ACE. Framework Standards for the Accreditation of Engineering Programmes. Foreword... 2. 1. Programme Outcomes for Accreditation... As approved by the ENAEE Administrative Council on 5 November 2008 EUR-ACE Framework Standards for the Accreditation of Engineering Programmes Table of Contents Foreword... 2 1. Programme Outcomes for

More information

Developing HR Strategies in Public Administration Institutions Recruitment and Retention Strategies and Workforce Plans

Developing HR Strategies in Public Administration Institutions Recruitment and Retention Strategies and Workforce Plans Developing HR Strategies in Public Administration Institutions Recruitment and Retention Strategies and Workforce Plans 27th to 29th May 2014 and October 2014 Danilovgrad, Montenegro PROVISIONAL PROGRAMME

More information

Revised May 2007. Corporate Governance Guideline

Revised May 2007. Corporate Governance Guideline Revised May 2007 Corporate Governance Guideline Table of Contents 1. INTRODUCTION 1 2. PURPOSES OF GUIDELINE 1 3. APPLICATION AND SCOPE 2 4. DEFINITIONS OF KEY TERMS 2 5. FRAMEWORK USED BY CENTRAL BANK

More information

P-01 Certification Procedure for QMS, EMS, EnMS & OHSAS. Procedure. Application, Audit and Certification

P-01 Certification Procedure for QMS, EMS, EnMS & OHSAS. Procedure. Application, Audit and Certification Procedure Application, Audit and Certification Document No. P-01 Version 9.00 Date of Issue Nov 02, 2015 Reviewed & Approved by Name Designation Signature Date Kaushal Goyal Managing Director Nov 02, 2015

More information

Guidance Note on Developing Terms of Reference (ToR) for Evaluations

Guidance Note on Developing Terms of Reference (ToR) for Evaluations Evaluation Guidance Note Series UNIFEM Evaluation Unit October 2009 Guidance Note on Developing Terms of Reference (ToR) for Evaluations Terms of Reference (ToR) What? Why? And How? These guidelines aim

More information

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING A CaseWare IDEA Research Report CaseWare IDEA Inc. is a privately held software development and marketing company, with offices in Toronto

More information

APPENDIX: CHECKLIST COMPLIANCE WITH THE CODE

APPENDIX: CHECKLIST COMPLIANCE WITH THE CODE AEDIX: CHECKLIST COMLIACE WITH THE CODE lease tick to indicate = ES, = ARTIAL, = O. Where partial or no, you should give reasons for any noncompliance, and any compensating measures in place or actions

More information

Code of Corporate Governance

Code of Corporate Governance www.surreycc.gov.uk Making Surrey a better place Code of Corporate Governance October 2013 1 This page is intentionally blank 2 CONTENTS PAGE Commitment to good governance 4 Good governance principles

More information

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk Consultation document Effective Internal Audit in the Financial A survey of heads of internal audit Services Sector Non Executive Directors (NEDs) and the Management of Risk Draft recommendations to the

More information

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Haulsey Engineering, Inc. Quality Management System (QMS) Table of Contents

Haulsey Engineering, Inc. Quality Management System (QMS) Table of Contents Haulsey Engineering, Inc. Quality Management System (QMS) Table of Contents 1.0 Introduction 1.1 Quality Management Policy and Practices 2.0 Quality System Components 2.1 Quality Management Plans 2.2 Quality

More information

Internal Audit Framework

Internal Audit Framework Internal Audit Framework Internal Audit Framework National Treasury Republic of South Africa March 2009 (2 nd Edition) The Internal Audit Framework is being provided as a service to the Public Service.

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information